How to install a PPTP server on debian squeeze

This document describes the required steps to make a fully functional PPTP server on debian squeeze and how to configure Arno iptables firewall to accept incoming connections to PPTP server (in case you use this great firewall script).

If you don't use Arno iptables firewall but you still want to share internet connection with PPTP server please view the last note.

PPTP or PopTop is a vpn implementation that is rather similar to OpenVPN. The difference is that PPTP is quite a bit less secure than OpenVPN, as it is not encrypted. That said, if you need quick VPN solution that’s easy and hassle free to set up, PPTP is the obvious choice.

4. Edit the chap secrets file /etc/ppp/chap-secrets and add to it the authentication credentials for a user’s connection, in the following syntax:

username <TAB> * <TAB> users-password <TAB> *

5. Restart the connection’s daemon for the settings to take affect:

/etc/init.d/pptpd restart

6. Enable Forwarding (this is an optional step).

Note: By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to "jump" through the VPN server, to all other devices on the network.

Edit the sysctl file:

vim/etc/sysctl.conf

Find the net.ipv4.ip_forward line and change the parameter from 0 (disabled) to 1 (enabled):

net.ipv4.ip_forward=1

6. You can either restart the system or issue this command for the setting to take affect:

If you don't use Arno iptables firewall but you still want to share internet connection with PPTP server we have to configure NAT for PPTP connections, otherwise you cannot reach anywhere from this server. Add the following lines at the end of the /etc/rc.local right before exit 0